Having access to abundant customer data is key to success for any healthcare marketing department, especially in the age of customer relationship management (CRM) systems. But just as critical is protecting that data. Patients trust their information will be safe; lose that trust through a hacking or other breach, and your organization itself will lose credibility.
According to one recent report, consumers are increasingly taking data privacy into their own hands and are even turning to punitive measures when they learn that companies have lost control of their data. Among other things, they're deleting or avoiding associated apps, and they're disabling cookies and adjusting mobile privacy settings. They're also deciding to not buy certain products, or to instead purchase similar products from different brands.
It doesn't take a neurosurgeon to understand what these trends might mean for healthcare. With one recent survey showing that one in four U.S. consumers have lost personal information to a healthcare data breach, and that 25 percent of those breach victims responded by switching medical providers, it's more important than ever for hospitals and health systems to focus on improving information security.
So what can you, as a healthcare marketer, do right now to bolster your “security posture"? Here are a few CRM-specific tips based on advice from the National Cyber Security Alliance (NCSA):
1. Lean on Your IT Department
The NCSA recommends starting with a close look at your information technology infrastructure. You could do this yourself, of course, but unless you have experience in cybersecurity, you should probably leave it to the folks in IT. Their first order of business, according to the NCSA: Install a firewall that controls access to all data, and then add an antivirus program to fend off malware and phishing attempts. From there you should ensure that operating systems are updated regularly, and that all potentially vulnerable devices include encryption software designed to keep hackers at bay. The NCSA also suggests using online dashboard tools that allow department managers (or IT professionals) to track who is using your CRM system in real time — and to be notified instantly when anything is amiss. And last but not least, don't forget to check in with your website vendor to ensure they're following an established security framework.
Since much of this is out of marketing's wheelhouse, you can help IT out (and help get their sign off on any technology you're investing in) by inquiring about these protocols during the vetting or RFP process.
2. Learn and Follow Cybersecurity Best Practices
Even with the best built-in security features in place, they'll do little good if your department doesn't know how to use them. Employees should be trained not only in data-breach prevention (including safe web-browsing techniques and how to recognize phishing scams), the NCSA recommends, but also in what to do in the event a breach occurs. And take the time to review your password protocol. Personal passwords should be stored with an online password manager or in a safe physical place away from employees' desks. And passwords themselves should be impossible to guess: The U.S. Department of Homeland Security suggests using long “passphrases" that aren't based on personal information and don't include words found in the dictionary. Multi-factor authentication techniques — where passwords are used in combination with other security measures, like one-time codes sent to a different device — are also a good idea.
3. Pick a Reputable CRM
The NCSA points out that it's important to choose a CRM provider that follows data standards established by the International Organization for Standardization (ISO 27001). Your CRM vendor should also have a “solid reputation for security," the alliance recommends, and clearly spell out — in writing — exactly what it does to secure patient data.
The reality is, with any networked device, there's nothing one can do to guarantee 100% data security. When it comes to your organization's CRM, however, you can do your best to make that data hard to get. Hackers look for easy targets. Don't be that bull's eye that's impossible to miss.
Want to learn more about vetting technology vendors for security? Read our post by our VP, Security and Infrastructure.